This privacy notice is intended to provide information about how Hermes Airports Ltd (“Hermes”) collects and processes personal data about you, captured by voice recordings of telephone calls made to Hermes Operations Center and to other internal telephone extensions, listed in Appendix A, at Larnaka and Pafos International Airports (the “Airports”).

 

1. Organization responsible for processing your personal data

Voice recording of telephone calls is controlled by Hermes, a company registered in Cyprus with company number HE152453 and registered office at Larnaka International Airport, 6650, P.O. BOX 43027, Larnaka, Cyprus, who is the Data Controller of your personal data pursuant to EU General Data Protection Regulation 679/2016 (“GDPR”) and the Protection of Personal Data Law, Law.125(I)/2018.

Please see below the contact details of the Data Protection Officer of Hermes:

Head Office, P.O. Box. 43027,

6650 Larnaka International Airport,

Larnaka, Cyprus

Email address: dpo@hermesairports.com
Phone: +357 24 742 132

 

2. Information processed

When you contact Hermes Operations Center and other internal telephone extensions which are listed in Appendix A, Hermes may collect personal data about you such as your name, surname, contact number or email and voice recordings, via the telephone system (“Personal Data”).  

 

3. Purposes of processing 

Hermes uses the Personal Data for the following purposes:

  1. To identify suspicious actions, prevent crime and protect premises and assets from damage, disruption, vandalism and other crime;   

  2. To ensure the required coordination with responsible governmental authorities for the prevention of illegal and/or unlawful acts at the Airports;

  3. For the personal safety of staff, stakeholders, passengers, airlines, visitors and other members of the public and to act as a deterrent against crime;

  4. To support and assist law enforcement bodies in the prevention, detection and prosecution of crime; 

  5. To meet obligations under contract or applicable laws in respect of airport security, aviation safety, and health and safety;

  6. For the investigation of legal or other claims or allegations;

  7. In response to a data subject request;

  8. For performing car park services at the Airports;

  9. For providing callers with flight-related information; and

  10. To run its business and optimize operational capability.

together the “Purposes”.

 

4. Areas of processing

The Airports are classified as critical infrastructure by the Republic of Cyprus and for this reason the recording of telephone calls on designated extensions is necessary in order to contribute to the application of an effective airport terminal security program. Individuals are only identified if it is necessary to meet any of the Purposes.

Personal Data is collected when you contact any of the Hermes Operations Centers, the extensions listed in Appendix A and the following internal extensions:

  • Fire station

  • Air Traffic Control (ATC)

 

5. Information notices   

An automated message informs callers about the voice recording activity when the caller contacts by telephone the Hermes Operations Centers or any extension listed in Appendix A.

 

6. Lawful basis 

The processing is lawful under Articles 6.1.c and 6.1.f of the GDPR. The processing of voice recordings of telephone calls is necessary for:

  • compliance with a legal obligation to which the Data Controller is subject.

  • the purposes of the legitimate interests pursued by the Data Controller who uses voice recordings of telephone calls for the purposes of airport security, aviation/personal safety, crime prevention, protection of airport premises and operational capability optimization.

 

7. Access to Surveillance Data  

  1. Voice recordings of telephone calls can only be accessed by the Heads of Operations  of Larnaka and Pafos Airports, the DPO and the Hermes Legal Affairs Department.

  1. An access / telephone call recording release application and authorization process is in place for third parties requesting access to the Personal Data.

 

8. Retention period

Under normal circumstances, the Personal Data is retained for thirty (30) days and then deleted permanently through an automated system process. Personal Data may be extracted prior to the expiration of the retention period for the Purposes and in accordance with the applicable Policy of the Data Controller.

 

9. Data Transfers

Hermes may share the Personal Data with competent judicial and law enforcement authorities. Hermes may also share the Personal Data with its stakeholders on occasion where it considers it necessary to pursue a Purpose. 

Hermes requires all third parties to respect the security of your Personal Data and to process it in accordance with applicable law.

Hermes does not authorise third parties to use the Personal Data for their own purposes and only permits them to process it for the specified Purposes and in accordance with the Data Controller’s instructions.

 

10. Individuals’ rights - how to exercise them

As a data subject, under the GDPR and applicable legislation you have the right to, where appropriate: 

  • Access your Personal Data by making a subject access request

  • Rectification, erasure or restriction of your information

  • Object to the processing of your information

If you wish to exercise any of these rights, please send an email to dpo@hermesairports.com.

You will not have to pay a fee to exercise any of your rights. However, Hermes may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive.

Hermes may need to request specific information from you to help confirm your identity and ensure your right to access your Personal Data (or to exercise any of your other rights). This is a security measure to ensure that Personal Data is not disclosed to any person who has no right to receive it. Hermes may also contact you to ask you for further information in relation to your request to speed up its response.

Hermes aims to respond to any request for information promptly, and in any event within the legally required time limits (currently thirty (30) days).

 

11. Complaints

If you are unsatisfied with Hermes response or handling of your personal information, you also have the right to make a complaint to the Office of the Commissioner for Personal Data Protection, the Cyprus supervisory authority for data protection issues. We would, however, appreciate the chance to address your concerns before you approach the Commissioner, so please contact us in the first instance.

 

12. Security of personal data

Hermes is committed to protecting your Personal Data and uses several security technologies, controls and procedures to help protect your Personal Data from unauthorised access, use or disclosure. Hermes keeps your data on systems that are limited in access and physically kept in access-controlled facilities.

 

13. Regular updates of this Privacy Notice

This Privacy Notice will be regularly reviewed and updated to reflect any changes to the processing activity.